This PR deprecates plaintext secret in Corefile for route53 plugin (`aws_access_key`).
Since using environmental variables of `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`
have already been available, no other changes other than deprecation is needed.
This will avoid saving plaintext secret in Corefile which could be
of security concern.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This commit uses a cancelable context to spawn goroutines that refresh
records from a cloud DNS provider. The Caddy shutdown routine uses the
returned cancel function to terminate existing goroutines when a USR1
reload signal is received.
Signed-off-by: Matt Kulka <mkulka@parchment.com>
* For caddy v1 in our org
This RP changes all imports for caddyserver/caddy to coredns/caddy. This
is the v1 code of caddy.
For the coredns/caddy repo the following changes have been made:
* anything not needed by us is deleted
* all `telemetry` stuff is deleted
* all its import paths are also changed to point to coredns/caddy
* the v1 branch has been moved to the master branch
* a v1.1.0 tag has been added to signal the latest release
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix imports
Signed-off-by: Miek Gieben <miek@miek.nl>
* Group coredns/caddy with out plugins
Signed-off-by: Miek Gieben <miek@miek.nl>
* remove this file
Signed-off-by: Miek Gieben <miek@miek.nl>
* Relax import ordering
github.com/coredns is now also a coredns dep, this makes
github.com/coredns/caddy fit more natural in the list.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix final import
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix wildcard records issue in rout53 plugin
This PR tries to address 4035 where wild card records does not return
correctly in route53 plugin. The issue was that `strings.Index(s, substr string)`
expect substr to be a string but the code defines as char.
This PR fixes 4035.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Fix failed tests
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Addresses a bug in the file plugin where SOA queries to zone delegations are
inappropriately returned the SOA for the delegating zone, and not a downward
referral to the delegated zone.
Here is an example of what I believe the expected downward referral in response
to a SOA query for a delegated zone should be (note that no SOA record is
returned):
~~~
; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> @k.root-servers.net. miek.nl. SOA
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58381
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 7
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;miek.nl. IN SOA
;; AUTHORITY SECTION:
nl. 172800 IN NS ns1.dns.nl.
nl. 172800 IN NS ns2.dns.nl.
nl. 172800 IN NS ns3.dns.nl.
;; ADDITIONAL SECTION:
ns1.dns.nl. 172800 IN A 194.0.28.53
ns2.dns.nl. 172800 IN A 194.146.106.42
ns3.dns.nl. 172800 IN A 194.0.25.24
ns1.dns.nl. 172800 IN AAAA 2001:678:2c:0:194:0:28:53
ns2.dns.nl. 172800 IN AAAA 2001:67c:1010:10::53
ns3.dns.nl. 172800 IN AAAA 2001:678:20::24
~~~
See #3852 for the original fix.
Modified clouddns/route53 and removed the faulty tests there.
Signed-off-by: Miek Gieben <miek@miek.nl>
Went over all generated manual pages and fixed some markdown issues,
mostly escaping "_" to avoid underlining entire paragraphs.
Some textual fixes in route53 and other cloud DNS plugins.
Regenerated the markdown with mmark.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Move to CODEOWNERS
No change in who own what; just a move to CODEOWNERS. This allows
dreck cleanups.
Added .dreck.yaml for alias and exec.
Fixes: #3486
Signed-off-by: Miek Gieben <miek@miek.nl>
* stickler bot
Signed-off-by: Miek Gieben <miek@miek.nl>
* sort the file
Signed-off-by: Miek Gieben <miek@miek.nl>
Don't perform this code in the init, this allocated 1 megabyte of memory
even if you don't use the plugin. Looks to be only there for testing,
adding a comment to reflect that.
Fixes#3342
Signed-off-by: Miek Gieben <miek@miek.nl>
Abstract the caddy call and make it simpler.
See #3261 for some part of the discussion.
Go from:
~~~ go
func init() {
caddy.RegisterPlugin("any", caddy.Plugin{
ServerType: "dns",
Action: setup,
})
}
~~~
To:
~~~ go
func init() { plugin.Register("any", setup) }
~~~
This requires some external documents in coredns.io to be updated as
well; the old way still works, so it's backwards compatible.
Signed-off-by: Miek Gieben <miek@miek.nl>
Update all documentation in the tree to use example.org as an example
configuration (in so far possible). As to get out of the just use "."
and fallthrough and things would be fine.
Signed-off-by: Miek Gieben <miek@miek.nl>
In the setup function use plugin.Error() to wrap the errors with the
plugin name. Because there isn't a separate setup() function this is
done for all returned errors.
Remove *upstream.Upstream from the New parameters as this is always set
and adjust the tests to account for this.
Signed-off-by: Miek Gieben <miek@miek.nl>
the current update frequency for the refresh loop in the route 53 plugin is hard-coded
to 1 minute. aws rate-limits the number of api requests so less frequent record refreshes
can help when reaching those limits depending upon your individual scenarios. this pull
adds a configuration option to the route53 plugin to adjust the refresh frequency.
thanks for getting my last pull released so quickly. this is the last local change that
i have been running and would love to get it contributed back to the project.
Signed-off-by: Matt Kulka <mkulka@parchment.com>
without the paging parameter set, it will default to 100 records per request. with large enough zones and
potentially multiple coredns daemons configured to pull from route 53, this can quickly add up and reach
aws global api rate limits (5/sec per root account). increasing paging to max can help reduce the number
of requests needed to pull records for a zone without no down side that i am aware of.
this helps issue #2353, but probably is not a complete fix.
Signed-off-by: Matt Kulka <mkulka@parchment.com>
* Update Caddy to 1.0.1, and update import path
This fix updates caddy to 1.0.1 and also
updates the import path to github.com/caddyserver/caddy
This fix fixes 2959
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Also update plugin.cfg
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Update and bump zplugin.go
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
`upstream` is not needed as a setting; just set if unconditionally and
remove all documentation and tests for it.
At some point we want remove the hanlding for `upstream` as well and
error out on seeing it.
Signed-off-by: Miek Gieben <miek@miek.nl>
Various plugins still had this documented, the setup functions still
allow it (which is fine), but update the docs that this arguments isn't
there any more.
Signed-off-by: Miek Gieben <miek@miek.nl>
* [plugin/route53]: Do not return NXDOMAIN where it should be NODATA.
Signed-off-by: Dmitry Ilyevskiy <dmitry.ilyevskiy@getcruise.com>
* Fix bad merge.
Signed-off-by: Dmitry Ilyevskiy <dmitry.ilyevskiy@getcruise.com>
* Remove context.Context from request.Request
This removes the context from request.Request and makes all the changes
in the code to make it compile again. It's all mechanical. It did
unearth some weirdness in that the context was kept in handler structs
which may cause havoc with concurrently handling of requests.
Fixes#2721
Signed-off-by: Miek Gieben <miek@miek.nl>
* Make test compile
Signed-off-by: Miek Gieben <miek@miek.nl>
* Default to upstream to self
This is a backwards incompatible change.
This is a massive (cleanup) PR where we default to resolving external
names by the coredns process itself, instead of directly forwarding them
to some upstream.
This ignores any arguments `upstream` may have had and makes it depend
on proxy/forward configuration in the Corefile. This allows resolved
upstream names to be cached and we have better healthchecking of the
upstreams. It also means there is only one way to resolve names, by
either using the proxy or forward plugin.
The proxy/forward lookup.go functions have been removed. This also
lessen the dependency on proxy, meaning deprecating proxy will become
easier. Some tests have been removed as well, or moved to the top-level
test directory as they now require a full coredns process instead of
just the plugin.
For the etcd plugin, the entire StubZone resolving is *dropped*! This
was a hacky (but working) solution to say the least. If someone cares
deeply it can be brought back (maybe)?
The pkg/upstream is now very small and almost does nothing. Also the
New() function was changed to return a pointer to upstream.Upstream. It
also returns only one parameter, so any stragglers using it will
encounter a compile error.
All documentation has been adapted. This affected the following plugins:
* etcd
* file
* auto
* secondary
* federation
* template
* route53
A followup PR will make any upstream directives with arguments an error,
right now they are ignored.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix etcd build - probably still fails unit test
Signed-off-by: Miek Gieben <miek@miek.nl>
* Slightly smarter lookup check in upstream
Signed-off-by: Miek Gieben <miek@miek.nl>
* Compilez
Signed-off-by: Miek Gieben <miek@miek.nl>
* [plugin/route53]: Support batch mode operation.
Cache all Route53 records internally using `ListResourceRecordPagesWithContext`
and serve them from memory.
Bonus features:
* Support additional r53 record types (`CNAME`, `SOA`, etc)
* Support `upstream` option (#2099 filed to support argument optionality)
Signed-off-by: Dmitry Ilyevskiy <dmitry.ilyevskiy@getcruise.com>
Signed-off-by: Dmitry Ilyevskiy <ilyevsky@gmail.com>
Every plugin needs to deal with EDNS0 and should call Scrub to make a
message fit the client's buffer. Move this functionality into the server
and wrapping the ResponseWriter into a ScrubWriter that handles these
bits for us. Result:
Less code and faster, because multiple chained plugins could all be
calling scrub and SizeAndDo - now there is just one place.
Most tests in file/* and dnssec/* needed adjusting because in those unit
tests you don't see OPT RRs anymore. The DNSSEC signer was also looking
at the returned OPT RR to see if it needed to sign - as those are now
added by the server (and thus later), this needed to change slightly.
Scrub itself still exist (for backward compat reasons), but has been
made a noop. Scrub has been renamed to scrub as it should not be used by
external plugins.
Fixes: #2010
Signed-off-by: Miek Gieben <miek@miek.nl>
* Clean up tests logging
This cleans up the travis logs so you can see the failures better.
Older tests in tests/ would call log.SetOutput(ioutil.Discard) in
a haphazard way. This add log.Discard and put an `init` function in each
package's dir (no way to do this globally). The cleanup in tests/ is
clear.
All plugins also got this init function to have some uniformity and kill
any (future) logging there in the tests as well.
There is a one-off in pkg/healthcheck because that does log.
Signed-off-by: Miek Gieben <miek@miek.nl>
* bring back original log_test.go
Signed-off-by: Miek Gieben <miek@miek.nl>
* suppress logging here as well
Signed-off-by: Miek Gieben <miek@miek.nl>
